Connect Buildkite to GitHub with secure, short-lived tokens.
Chinmina Bridge allows Buildkite agents to securely generate GitHub API tokens that can be used to perform Git or other GitHub API actions. It is intended to be an alternative to the use of SSH deploy keys or long-lived Personal Access Tokens.
The bridge itself is an HTTP endpoint that uses a GitHub application to create ephemeral GitHub access tokens. Requests are authorized with a Buildkite OIDC token, allowing a token to be created just for the repository associated with an executing pipeline.
Note
Find out more about Chinmina Bridge is available in the documentation.
This has and expanded introduction, a getting started guide and a detailed configuration reference. This has a more detailed description of the implementation, and clear guidance on how to configuration and installation.
This project welcomes contributions! Take a look at the outstanding issues for something to dip your toes into, open an issue to get some input, or raise a PR if you're confident.
